A blog to share security, networking and cloud related technology information as @vCloudernBeer picked up on his search for his destiny in the cloud. (LinkedIn: https://www.linkedin.com/in/chowanthony)

Monday, September 11, 2017

I worked as a software developer for a networking company, writing value-added firmware on top of the hardware-based switching and routing engine. Even with in-depth knowledge and experience, I still find this book very useful.

Below are the table of contents and a brief summary of the book that I got from the Packt Publishing site:

Table of Contents

Review of TCP/IP Protocol Suite and Python Language

Low-Level Network Device Interactions

API and Intent-Driven Networking

The Python Automation Framework - Ansible Basics

The Python Automation Framework - Ansible Advance Topic

Network Security with Python

Network Monitoring with Python - Part 1

Network Monitoring with Python - Part 2

Building Network Web Services with Python

OpenFlow Basics

Advanced OpenFlow Topics

OpenStack, OpenDaylight, and NFV

Hybrid SDN

What You Will Learn

Review all the fundamentals of Python and the TCP/IP suite

Use Python to execute commands when the device does not support the API or programmatic interaction with the device

Integrate Ansible using Python to control Cisco, Juniper, and Arista networks

Achieve network security with Python

Build Flask-based web-service APIs with Python

Construct a Python-based migration plan from a legacy to scalable SDN-based network.

This book is written in a very logical manner, covering everything from the basics to the more advanced topics. It integrates networking and Python automation and shows the reader how to build a lab environment to try out what is covered in the book. This hands-on approach adds value to the book because it is not just theory. We engineers like to get our feet wet and try things out ourselves.

This book is pretty comprehensive, as it covers automation of networking devices from Cisco, Juniper and Arista Networks. The 3 main areas are:

Automation with Python/Ansible

Two chapters are dedicated to this topic. They cover the basics of Ansible and then move on to the more advanced topic of using programming techniques to make Ansible more powerful and useful in automating the network. They also cover Ansible Vault and show how to write customized modules.

Network Security with Python

Security is also an essential element that a network engineer has to deal with. One chapter of this book is dedicated to the different tools that can be used to automate some day-to-day network security tasks, including packet sniffing, port scanning, searching syslog, and automating the writing of Access Control Lists (ACLs) with Ansible. This chapter also introduces the tool Python Scapy.

Network Monitoring with Python

Two chapters are dedicated to network monitoring. The book first introduces the various Python-based tools for network monitoring and then moves on to a more detailed description of how Graphviz can be used to better visualize the network, how to parse NetFlow with Python, and the use of AWS-based Elasticsearch for the ELK stack.

Python is a powerful and easy-to-use framework for web-based applications. In this book, one chapter describes how to build network web services with Python, and some readers may find this useful.

The last 4 chapters of this book are about the nearly mature technology – SDN. Emphasis is placed on Open vSwitch/OpenFlow, and the book then briefly touches on the SDN ecosystem, such as OpenStack and OpenDaylight, with instructions on how to try out OpenStack Neutron.

The book ends with a chapter on moving forward with a hybrid SDN, mixing the legacy network with the newer technology of SDN.

Overall, I highly recommend this book for all network engineers and, to a certain degree, software developers who want to get into the field of networking.

Tuesday, April 4, 2017

What’s new in Release 1.6

According to the blog post from Kubernetes, this release focuses on scale and automation. Mirantis has a very good “What’s new in Kubernetes 1.6” article, which lists the following categories of major changes:

DaemonSet rolling updates

Kubernetes Federation

Authentication and access control improvement

Scheduling changes

Container Runtime Interface is now the default

Storage improvements

Networking Improvements

Other Changes

“Other changes” is the catchall category for those changes that are also important. For all the changes in release 1.6, check out the release notes on GitHub.

Container Runtime

Kubernetes is a container orchestration engine. For a container to run on a host, the host needs a container runtime. Back in release 1.0, Kubernetes only supported the Docker container runtime – runc. In release 1.3, rkt was added. In release 1.5, the Container Runtime Interface was added to allow a wider range of container runtimes to integrate with the kubelet on a node. The Container Runtime Interface was released as alpha in Kubernetes 1.5, and the Docker container runtime remained the default. With this interface, supporting a new container runtime no longer requires integrating it deep into the kubelet source code.

What is Container Runtime Interface?

In brief, the Container Runtime Interface is an abstraction layer that allows the kubelet to interface with any container runtime. Before release 1.5, without this interface, adding support for a container runtime required code changes to the kubelet source.

The Container Runtime Interface interacts with the kubelet using the gRPC protocol. This blog post from Kubernetes has a more detailed description of the Container Runtime Interface. As with any open source project, GitHub usually has good documentation on the subject.

The Container Runtime Interface is turned on by default in Kubernetes 1.6 even though it is still in beta status. Besides runc and rkt, these container runtimes are currently in development to work with CRI: